Token Management

Create/Update Token Details

put

/api/v2/card

Create/Update a token using the Verifone Tokenisation Service.

If a token exists for the card already, it is updated with the information in the request. Otherwise, a new token is created for the given card.

Authorizations

AuthorizationstringRequired

Body

token_scopestring · uuidRequired

The token scope under which this token was created.

Example: 0e48425a-f1bc-431a-b7d8-f866de8ba276

encrypted_cardstringRequired

The cardholder data encrypted using the Verifone provided public key. This can be obtained using either Verifone.JS solution or Verifone Checkout in capture mode.

The data to encrypt is a JSON with possible tags being cardNumber, sequenceNumber, cardholderName, startMonth, startYear, expiryMonth, expiryYear, cvv. This should be a single JSON line and should not contain any spaces. Read Secure card capture key for details.

Additionally, a tag called captureTime must be presenting indicating the time the card was captured in UTC in format RFC 3339, section 5.6. eg. 2019-08-24T14:15:22Z. Encrypted card is valid for only 15 minutes.

Example: U3dhZ2dlciByb2Nrcw==

card_brandstringOptional

Represents a Card type or brand. It should correspond to a consistent name, the list of standard names is as follows:

Value	Description
AMEX	American Express
CB	Carte Bancaires
DINERS	Diners Club International
DISCOVER	Diners Club Discover
JCB	Japan Credit Bureau
MAESTRO	Multi-national Debit (MasterCard)
MASTERCARD	MasterCard
VISA	Visa
UPI	Union Pay International

Other local schemes as applicable. Enter a pre-defined name to represent the scheme or type.

token_typestring · enumOptional

Token type

Default: REUSEPossible values:

reuse_token_typestring · enumOptional

The type of Reuse Token. This indicates if the reuse token is an internal Verifone type or an external Third-Party type.

Default: INTERNALPossible values:

token_expiry_datestring · dateOptional

When this Token will expire.

public_key_aliasstringRequired

Responses

200

Token result

application/json

reuse_tokenstringOptional

The identifier used to represent the Cardholder data.

analytics_tokenstringOptional

A token that cannot be reversed to Card Holder data. This is included in a Payment for auditing and tracking purposes.

binstring · min: 4 · max: 11Optional

The Bank Identification Number (also called IIN - Issuer Identification Number) of this card.

Example: 492912

expiry_monthinteger · max: 12Optional

A 2 digit value as shown on card. ISO8583 - DE 14

Example: 12

expiry_yearinteger · max: 9999Optional

A 4 digit value as shown on card.

Example: 2021

last_fourstring · max: 4Optional

The last 4 digits of the card number.

Example: 3127

card_holder_namestring · max: 30Optional

The Card holder name as it appears on the card.

Example: MR J HOLDER

updated_atstring · dateOptional

The last date token was updated.

created_atstring · dateOptional

The last date token was created.

token_expiry_datestring · dateOptional

When this Token will expire.

reuse_token_typestring · enumOptional

The type of Reuse Token. This indicates if the reuse token is an internal Verifone type or an external Third-Party type.

Possible values:

token_scopestring · uuidOptional

The token scope under which this token was created.

token_statusstring · enumOptional

The status of the Token.

Example: ACTIVEPossible values:

currencystring · enumOptional

Three-letter ISO 4217 alphabetical currency code. e.g. USD. Values correspond to ISO 4217.

Deprecated: BYR (replaced by BYN), FRF (replaced by EUR), LTL (replaced by EUR), LVL (replaced by EUR), MRO (replaced by MRU), STD (replaced by STN), USS (no replacement), VEF (replaced by VES), ZMK (replaced by ZMV) and BTC (Bitcoin only supported as Crypto Amount).

Possible values:

issuer_countrystring · enumOptional

The ISO 3166-1 alpha-3 country code.

Note: The country code for Great Britain is GB and not UK as is used in that country's top-level domain names.

Possible values:

400

Bad Request

application/json

401

Unauthorised

application/json

403

Forbidden

application/json

404

Not Found

application/json

500

Internal Server Error

application/json

put

/api/v2/card

PUT /oidc/api/v2/card HTTP/1.1
Host: emea.gsc.verifone.cloud
Authorization: Basic username:password
Content-Type: application/json
Accept: */*
Content-Length: 296

{
  "token_scope": "0e48425a-f1bc-431a-b7d8-f866de8ba276",
  "encrypted_card": "U3dhZ2dlciByb2Nrcw==",
  "card_brand": "text",
  "token_type": "REUSE",
  "reuse_token_type": "INTERNAL",
  "token_expiry_date": "2026-06-13",
  "public_key_alias": "text",
  "token_context": {
    "entity_id": "text",
    "payment_provider_contract": "text"
  }
}

{
  "reuse_token": "text",
  "analytics_token": "text",
  "bin": "492912",
  "expiry_month": 12,
  "expiry_year": 2021,
  "last_four": "3127",
  "card_holder_name": "MR J HOLDER",
  "bin_details": {
    "bin": "492912",
    "brand": "VISA",
    "issuer_country": "ZZZ",
    "issuer_name": "HSBC",
    "last_four": "3127",
    "type": "CREDIT",
    "variant": "NEW_WORLD"
  },
  "updated_at": "2026-06-13",
  "created_at": "2026-06-13",
  "token_expiry_date": "2026-06-13",
  "reuse_token_type": "CHASE",
  "token_scope": "123e4567-e89b-12d3-a456-426614174000",
  "token_status": "ACTIVE",
  "currency": "AED",
  "issuer_country": "ZZZ",
  "scheme_token": {
    "network_token": "text",
    "status": "VALID",
    "expiry_month": 1,
    "expiry_year": 1,
    "payment_account_reference": "text"
  }
}

Get Token Details

get

/api/v2/card/{id}

Get the details associated with a Verifone issued reuse token.

Authorizations

AuthorizationstringRequired

Path parameters

idany · min: 14 · max: 255Required

The Verifone issued reuse token used to represent the previously stored cardholder data.

Example: VFrandom54965984

Responses

200

Token Result.

application/json

reuse_tokenstringOptional

The identifier used to represent the Cardholder data.

analytics_tokenstringOptional

A token that cannot be reversed to Card Holder data. This is included in a Payment for auditing and tracking purposes.

binstring · min: 4 · max: 11Optional

The Bank Identification Number (also called IIN - Issuer Identification Number) of this card.

Example: 492912

expiry_monthinteger · max: 12Optional

A 2 digit value as shown on card. ISO8583 - DE 14

Example: 12

expiry_yearinteger · max: 9999Optional

A 4 digit value as shown on card.

Example: 2021

last_fourstring · max: 4Optional

The last 4 digits of the card number.

Example: 3127

card_holder_namestring · max: 30Optional

The Card holder name as it appears on the card.

Example: MR J HOLDER

brandstringOptional

The brand of this card. eg. VISA, MASTERCARD, AMEX.

Example: VISA

issuer_countrystring · enumOptional

The ISO 3166-1 alpha-3 country code.

Note: The country code for Great Britain is GB and not UK as is used in that country's top-level domain names.

Possible values:

issuer_namestringOptional

The issuer of this card. eg. HSBC, BARCLAYS.

Example: HSBC

currencystring · enumOptional

Three-letter ISO 4217 alphabetical currency code. e.g. USD. Values correspond to ISO 4217.

Possible values:

typestring · enumOptional

The type of card application or account selection.

Example: CREDITPossible values:

variantstringOptional

The variant of the card. eg. NEW_WORLD

Example: NEW_WORLD

updated_atstring · dateOptional

The last date token was updated.

created_atstring · dateOptional

The last date token was created.

token_expiry_datestring · dateOptional

When this Token will expire.

reuse_token_typestring · enumOptional

The type of Reuse Token. This indicates if the reuse token is an internal Verifone type or an external Third-Party type.

Default: INTERNALPossible values:

token_scopestring · uuidOptional

The token scope under which this token was created.

token_statusstring · enumOptional

The status of the Token.

Example: ACTIVEPossible values:

400

Bad Request

application/json

401

Unauthorised

application/json

403

Forbidden

application/json

404

Not Found

application/json

500

Internal Server Error

application/json

get

/api/v2/card/{id}

GET /oidc/api/v2/card/{id} HTTP/1.1
Host: emea.gsc.verifone.cloud
Authorization: Basic username:password
Accept: */*

{
  "reuse_token": "text",
  "analytics_token": "text",
  "bin": "492912",
  "expiry_month": 12,
  "expiry_year": 2021,
  "last_four": "3127",
  "card_holder_name": "MR J HOLDER",
  "brand": "VISA",
  "issuer_country": "ZZZ",
  "issuer_name": "HSBC",
  "currency": "AED",
  "type": "CREDIT",
  "variant": "NEW_WORLD",
  "updated_at": "2026-06-13",
  "created_at": "2026-06-13",
  "token_expiry_date": "2026-06-13",
  "reuse_token_type": "INTERNAL",
  "token_scope": "123e4567-e89b-12d3-a456-426614174000",
  "token_status": "ACTIVE",
  "bin_details": {
    "bin": "492912",
    "brand": "VISA",
    "issuer_country": "ZZZ",
    "issuer_name": "HSBC",
    "last_four": "3127",
    "type": "CREDIT",
    "variant": "NEW_WORLD"
  },
  "scheme_token": {
    "network_token": "text",
    "status": "VALID",
    "expiry_month": 1,
    "expiry_year": 1,
    "payment_account_reference": "text"
  }
}

Delete Token

delete

/api/v2/card/{id}

Delete a Verifone issued reuse token. This operation is not reversible.

Authorizations

AuthorizationstringRequired

Path parameters

idany · min: 14 · max: 255Required

The Verifone issued reuse token used to represent the previously stored cardholder data.

Example: VFrandom54965984

Responses

204

Success. Token was successfully deleted.

400

Bad Request

application/json

401

Unauthorised

application/json

403

Forbidden

application/json

404

Not Found

application/json

500

Internal Server Error

application/json

delete

/api/v2/card/{id}

DELETE /oidc/api/v2/card/{id} HTTP/1.1
Host: emea.gsc.verifone.cloud
Authorization: Basic username:password
Accept: */*

No content

Update Token Details

patch

/api/v2/card/{id}

Update the details associated with a Verifone issued reuse token.

If the token needs to be linked to a new PAN, the card property must be present.

It is possible to update only partial details against the same card on file like expiry date, cardholder name or CVV.

Authorizations

AuthorizationstringRequired

Path parameters

idany · min: 14 · max: 255Required

The Verifone issued reuse token used to represent the previously stored cardholder data.

Example: VFrandom54965984

Body

encrypted_cardstringOptional

The cardholder data encrypted using the Verifone provided public key. This can be obtained using either Verifone.JS solution or Verifone Checkout in capture mode.

Example: U3dhZ2dlciByb2Nrcw==

cvvstring · max: 30Optional

The CVV (Card Verification Value) as it appears on the card.

Example: MR J HOLDER

card_holder_namestring · max: 30Optional

The Card holder name as it appears on the card.

Example: MR J HOLDER

card_holder_emailstring · email · min: 3 · max: 254Optional

A valid internationalized email address, as defined by RFC 5322, RFC 6530, and other RFCs. Due to RFC 5321, an email address can be up to 254 characters long even though up to 64 characters are allowed before and 255 characters are allowed after the @ sign. This pattern verifies only that the string contains an unquoted @ sign. See https://tools.ietf.org/html/rfc5322#section-3.4.1.

expiry_monthinteger · min: 1 · max: 12Optional

Card expiry month. A 2 digit value as shown on card. ISO8583 - DE 14.

Example: 12

expiry_yearinteger · max: 9999Optional

Card expiry year. A 4 digit value as shown on the card.

Example: 2021

token_expiry_datestring · dateOptional

When this Token will expire.

public_key_aliasstringOptional

scheme_token_actionstring · enumOptional

Indicates if the scheme tokens should be created / deleted / suspended. Scheme tokens will be created only if token scope has PAR and/or network token support configured.

Possible values:

Responses

200

Token result

application/json

binstring · min: 4 · max: 11Optional

The Bank Identification Number (also called IIN - Issuer Identification Number) of this card.

Example: 492912

expiry_monthinteger · max: 12Optional

A 2 digit value as shown on card. ISO8583 - DE 14

Example: 12

expiry_yearinteger · max: 9999Optional

A 4 digit value as shown on card.

Example: 2021

last_fourstring · max: 4Optional

The last 4 digits of the card number.

Example: 3127

card_holder_namestring · max: 30Optional

The Card holder name as it appears on the card.

Example: MR J HOLDER

card_holder_emailstring · email · min: 3 · max: 254Optional

updated_atstring · dateOptional

The last date token was updated.

created_atstring · dateOptional

The last date token was created.

token_expiry_datestring · dateOptional

When this Token will expire.

token_statusstring · enumOptional

The status of the Token.

Example: ACTIVEPossible values:

currencystring · enumOptional

Three-letter ISO 4217 alphabetical currency code. e.g. USD. Values correspond to ISO 4217.

Possible values:

issuer_countrystring · enumOptional

The ISO 3166-1 alpha-3 country code.

Note: The country code for Great Britain is GB and not UK as is used in that country's top-level domain names.

Possible values:

400

Bad Request

application/json

401

Unauthorised

application/json

403

Forbidden

application/json

404

Not Found

application/json

500

Internal Server Error

application/json

patch

/api/v2/card/{id}

PATCH /oidc/api/v2/card/{id} HTTP/1.1
Host: emea.gsc.verifone.cloud
Authorization: Basic username:password
Content-Type: application/json
Accept: */*
Content-Length: 260

{
  "encrypted_card": "U3dhZ2dlciByb2Nrcw==",
  "cvv": "MR J HOLDER",
  "card_holder_name": "MR J HOLDER",
  "card_holder_email": "name@gmail.com",
  "expiry_month": 12,
  "expiry_year": 2021,
  "token_expiry_date": "2026-06-13",
  "public_key_alias": "text",
  "scheme_token_action": "ACTIVATE"
}

{
  "bin": "492912",
  "expiry_month": 12,
  "expiry_year": 2021,
  "last_four": "3127",
  "card_holder_name": "MR J HOLDER",
  "card_holder_email": "name@gmail.com",
  "updated_at": "2026-06-13",
  "created_at": "2026-06-13",
  "token_expiry_date": "2026-06-13",
  "token_status": "ACTIVE",
  "bin_details": {
    "bin": "492912",
    "brand": "VISA",
    "issuer_country": "ZZZ",
    "issuer_name": "HSBC",
    "last_four": "3127",
    "type": "CREDIT",
    "variant": "NEW_WORLD"
  },
  "currency": "AED",
  "issuer_country": "ZZZ",
  "scheme_token": {
    "network_token": "text",
    "status": "DELETED",
    "expiry_month": "12",
    "expiry_year": "2021",
    "payment_account_reference": "text"
  }
}

Suspend Token

patch

/api/v2/card/{id}/suspend

Suspend a Verifone issued reuse token. This operation is reversible.

The token can be activated again by calling the 'Activate Token' endpoint.

Authorizations

AuthorizationstringRequired

Path parameters

idany · min: 14 · max: 255Required

The Verifone issued reuse token used to represent the previously stored cardholder data.

Example: VFrandom54965984

Responses

204

Success. Token was successfully suspended.

400

Bad Request

application/json

401

Unauthorised

application/json

403

Forbidden

application/json

404

Not Found

application/json

500

Internal Server Error

application/json

patch

/api/v2/card/{id}/suspend

PATCH /oidc/api/v2/card/{id}/suspend HTTP/1.1
Host: emea.gsc.verifone.cloud
Authorization: Basic username:password
Accept: */*

No content

Activate Token

patch

/api/v2/card/{id}/activate

Activate a Verifone issued reuse token.

Authorizations

AuthorizationstringRequired

Path parameters

idany · min: 14 · max: 255Required

The Verifone issued reuse token used to represent the previously stored cardholder data.

Example: VFrandom54965984

Responses

204

Success. Token was successfully activated.

400

Bad Request

application/json

401

Unauthorised

application/json

403

Forbidden

application/json

404

Not Found

application/json

500

Internal Server Error

application/json

patch

/api/v2/card/{id}/activate

PATCH /oidc/api/v2/card/{id}/activate HTTP/1.1
Host: emea.gsc.verifone.cloud
Authorization: Basic username:password
Accept: */*

No content

PreviousTransaction NextSecure Card Capture

Last updated 1 month ago

Was this helpful?